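package admin

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"sync"
	"time"
)

// User is an account known to the admin area. Password holds the credential
// that HandleLogin compares against the submitted one.
type User struct {
	Username string `json:"username"`
	Password string `json:"password"`
	Role     string `json:"role"`
}

// Session is a server-side login session, stored in sessions under its Token.
type Session struct {
	Token     string
	Username  string
	Role      string
	ExpiresAt time.Time
}

// LoginRequest is the JSON body accepted by HandleLogin on POST.
type LoginRequest struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

// LoginResponse is the JSON body written by HandleLogin. Token and Role are
// only present on a successful login.
type LoginResponse struct {
	Success bool   `json:"success"`
	Message string `json:"message"`
	Token   string `json:"token,omitempty"`
	Role    string `json:"role,omitempty"`
}

const (
	// sessionTTL is how long a session stays valid after it was created or
	// last used; every authenticated request pushes the expiry this far ahead.
	sessionTTL = 24 * time.Hour

	// maxLoginBody bounds how much of a login request body is read before the
	// JSON decoder gives up; a real login payload is a few hundred bytes.
	maxLoginBody = 64 << 10

	// tokenCookieName is the cookie consulted when the Authorization header is
	// empty. The header value is used verbatim as the token (no auth scheme).
	tokenCookieName = "authToken"

	// loginPath is where requests without a valid session are redirected.
	loginPath = "/login"
)

// loginPage is the HTML served by HandleLogin on GET.
const loginPage = ` Přihlášení - Správa

Přihlášení

Administrátorské rozhraní

Přihlašování...
`

// In-memory storage (replace with database in production)
var (
	users = map[string]User{
		"admin": {
			Username: "admin",
			Password: "admin123", // In production, use hashed passwords
			Role:     "admin",
		},
	}

	// sessionsMu guards sessions. net/http serves every request on its own
	// goroutine, so without it the map is read and written concurrently.
	sessionsMu sync.Mutex
	sessions   = make(map[string]Session)
)

// generateToken returns 32 bytes from crypto/rand, URL-safe base64 encoded.
// It fails only when the system randomness source does.
func generateToken() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.URLEncoding.EncodeToString(buf), nil
}

// writeJSON sets the JSON content type and status, then encodes v. An encode
// error is deliberately ignored: headers are already sent and there is no
// other channel left to report it on.
func writeJSON(w http.ResponseWriter, status int, v any) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	_ = json.NewEncoder(w).Encode(v)
}

// tokenFromRequest returns the session token carried by r: the raw
// Authorization header value, falling back to the tokenCookieName cookie.
// It returns "" when neither is present.
func tokenFromRequest(r *http.Request) string {
	if token := r.Header.Get("Authorization"); token != "" {
		return token
	}
	if cookie, err := r.Cookie(tokenCookieName); err == nil {
		return cookie.Value
	}
	return ""
}

// validSession looks up token and returns its session when it exists and has
// not expired. An expired entry is deleted on sight so the map does not fill
// with dead sessions.
func validSession(token string) (Session, bool) {
	sessionsMu.Lock()
	defer sessionsMu.Unlock()
	session, exists := sessions[token]
	if !exists {
		return Session{}, false
	}
	if time.Now().After(session.ExpiresAt) {
		delete(sessions, token)
		return Session{}, false
	}
	return session, true
}

// extendSession gives session a fresh sessionTTL and stores it back under
// token (sliding expiry, applied on every authenticated request).
func extendSession(token string, session Session) {
	session.ExpiresAt = time.Now().Add(sessionTTL)
	sessionsMu.Lock()
	sessions[token] = session
	sessionsMu.Unlock()
}

// revokeSession removes token from the store. Unknown tokens are a no-op.
func revokeSession(token string) {
	sessionsMu.Lock()
	delete(sessions, token)
	sessionsMu.Unlock()
}

// HandleLogin serves the login page on GET and authenticates a LoginRequest
// on POST, answering with a LoginResponse. Any other method gets 405.
//
// On success a new session is created and its token returned; the client is
// expected to present it in the Authorization header or the authToken cookie.
func HandleLogin(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case http.MethodGet:
		// The page contains non-ASCII text, so the charset has to be explicit.
		w.Header().Set("Content-Type", "text/html; charset=utf-8")
		_, _ = w.Write([]byte(loginPage))
		return
	case http.MethodPost:
		// handled below
	default:
		writeJSON(w, http.StatusMethodNotAllowed, LoginResponse{
			Success: false,
			Message: "Method not allowed",
		})
		return
	}

	// Cap the body so an oversized payload cannot tie up the handler.
	r.Body = http.MaxBytesReader(w, r.Body, maxLoginBody)
	var loginReq LoginRequest
	if err := json.NewDecoder(r.Body).Decode(&loginReq); err != nil {
		writeJSON(w, http.StatusBadRequest, LoginResponse{
			Success: false,
			Message: "Invalid request format",
		})
		return
	}

	// Check credentials. The comparison is constant-time so the response
	// latency does not reveal how much of the password matched.
	user, exists := users[loginReq.Username]
	if !exists || subtle.ConstantTimeCompare([]byte(user.Password), []byte(loginReq.Password)) != 1 {
		writeJSON(w, http.StatusUnauthorized, LoginResponse{
			Success: false,
			Message: "Neplatné přihlašovací údaje",
		})
		return
	}

	token, err := generateToken()
	if err != nil {
		writeJSON(w, http.StatusInternalServerError, LoginResponse{
			Success: false,
			Message: "Chyba při vytváření relace",
		})
		return
	}

	sessionsMu.Lock()
	sessions[token] = Session{
		Token:     token,
		Username:  user.Username,
		Role:      user.Role,
		ExpiresAt: time.Now().Add(sessionTTL),
	}
	sessionsMu.Unlock()

	writeJSON(w, http.StatusOK, LoginResponse{
		Success: true,
		Message: "Přihlášení úspěšné",
		Token:   token,
		Role:    user.Role,
	})
}

// HandleLogout revokes the session named by the request's token, if any, and
// always reports success: logging out an unknown token is not an error.
func HandleLogout(w http.ResponseWriter, r *http.Request) {
	if token := tokenFromRequest(r); token != "" {
		revokeSession(token)
	}
	writeJSON(w, http.StatusOK, map[string]any{
		"success": true,
		"message": "Odhlášení úspěšné",
	})
}

// RequireAuth wraps next so it only runs for requests carrying a valid,
// unexpired session token; everything else is redirected to loginPath. A
// passing request extends its session by sessionTTL.
func RequireAuth(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		token := tokenFromRequest(r)
		if token == "" {
			http.Redirect(w, r, loginPath, http.StatusFound)
			return
		}
		session, ok := validSession(token)
		if !ok {
			http.Redirect(w, r, loginPath, http.StatusFound)
			return
		}
		extendSession(token, session)
		next(w, r)
	}
}

// RequireAdminAuth is RequireAuth with the additional requirement that the
// session's Role is "admin". A valid non-admin session that reaches an
// admin-only route is revoked, not merely rejected, before the redirect.
func RequireAdminAuth(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		token := tokenFromRequest(r)
		if token == "" {
			http.Redirect(w, r, loginPath, http.StatusFound)
			return
		}
		session, ok := validSession(token)
		if !ok || session.Role != "admin" {
			if ok {
				// Kept from the original: a non-admin probing an admin route
				// loses their session.
				revokeSession(token)
			}
			http.Redirect(w, r, loginPath, http.StatusFound)
			return
		}
		extendSession(token, session)
		next(w, r)
	}
}

// GetCurrentUser returns a copy of the session behind the request's token, or
// nil when there is no token, the token is unknown, or the session expired.
// It does not extend the session.
func GetCurrentUser(r *http.Request) *Session {
	token := tokenFromRequest(r)
	if token == "" {
		return nil
	}
	session, ok := validSession(token)
	if !ok {
		return nil
	}
	return &session
}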